apache-airflow is vulnerable to cross-site scripting (XSS). An admin user is able to inject arbitrary Javascript into a victim’s browser through the modification of state of objects in the metadata database, which would execute on certain page views.
CPE | Name | Operator | Version |
---|---|---|---|
apache-airflow | le | 1.10.2rc3 |